Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

Common sense would be banks requiring more information than an SSN and DOB from an internet connected computer before opening lines of credit. I watched someone apply for a line of credit with Citi online and receive a $15,000 account with no verification of his identity beyond the SSN/DOB match. What's wrong with that picture?

However, on the flipside, there are privacy issues with giving personally identifiable data to a prime hacking target (like a major lending institution.)

In order for them to validate a session as a legitimate person, they need personally identifiable data on that person. That means that they are warehousing such data, and in addition to being a target for wirefraud directly, they also become a target for identity theives of the highest order.

This is exactly what I said when they first invented banks! I mean, anyone can just walk into one of those places with a fake ID and *bam* they've got all my money! That's why I keep all my money in gold Krugerrands in a shoe box under my...

Hey now, I'm not gonna tell you where I keep my shoe box! Now get off my lawn, you wacko!

When I opened my bank account (here in Australia) I had to go into the branch physically and sign up for it, including showing various forms of ID.

The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

Case in point, I took this idea to my neighbor around dinner-time this evening. Within 40 minutes I had places of birth, first car models owned, and the easiest was the ever-sacred maiden names. Now....what to buy???

Interestingly, the maiden name has lost its value in recent times. It used to be that the moment a woman got married, her maiden name all but vanished; these days, it seems the younger married woman prefers to use her maiden name as a new middle name.

The maiden name was always a goofy "security" thing anyway; long before the internet, a little social engineering is all it took to glean a maiden name.

It took me over a year once I moved to the US to get a credit card. It took even longer for my wife since she had no SSN until a few years ago (yes you can live legally in the US for years and declare taxes without being allowed a SSN).

There is a vicious circle: no credit history, you can't get a credit card... but you need one to get a credit history. You also have the option of the prepaid credit card, where you have to loan the bank say $500 for a $500 line of credit.

Just get your name into the advertiser's databases. Soon enough, you will have credit card offers streaming in. So will your dog, cat, goldfish, and the deceased hamster you had when you were 5 years old.

The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

Do you have any evidence of this? Because it also happens the other way around—the banks put up fake barriers to credit, and the government orders them to take them down due to fairness, anti-discrimination, etc.

The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!

Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!

The banks borrow the money from the Federal Reserve (which creates it "out of thin air") at very low interest (currently nearly zero - but call it 2% to make some numbers come out nice later). Why do they accept and solicit deposits (on which they pay similarly low int

But people are also legally liable for $50 in unauthorized charges at most (though AFAIK, most card companies waive that too, as long as it's reported promptly). Also (this may be a state by state thing), merchants are unable to charge a fee for credit card use. (They can give a "cash discount", thus effectively the same thing -- but at least you pay the posted price with credit cards. I realize this also can be considered a bad thing from a merchant's point of view.)

There are any number of ways that a bank could be compromised, and the data distributed. Unlike a password, or a username, or even a SSN, there is no way to change your mother's maiden name, etc.

I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

The fraud levels in the US are some of the highest in the world, and it's because the banks don't care. They make enough with the fraud and aren't held responsible for the actual harm they cause people when they put inaccurate information on credit reports.

Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick. Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented. Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup.

I think your heart is in the right place, but I'm not sure your ideas make sense?

I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

God, I hope most banks don't rely on such weak security? The bank where I have my business account gave me a security token that I've got to use in addition to a username/password to login. Before I do anything major like account transfers or wires, I've got to use the security token again. Interactive Brokers trading offers security tokens as well though I haven't used theirs--I have a lookup page from them that serves the sam

That would be awesome. I'd set up an arrangement where my friends would steal my identity. They'd give whatever they got back to me, and we'd split the $100. Nobody would possibly take advantage of that system!

Excellent! If the banks are that lax, they deserve to lose. Watch carefully though since they'll soon tighten up security and then your friends will get busted for fraud (and you for conspiracy). If the banks are actually doing what they should be, there can be no abuse of the oops fee. You'll know it's working when the detectives show up.

Absolutely that would be the proper outcome. My point is merely that ranting isn't enough, when you just randomly toss out ideas like this you have to consider the full consequences. It's Bastiat's seen and unseen.

Some people like to think criminals are dumb. It's true that there are a lot of dumb criminals (and a lot of dumb people in general), but when it comes to financial fraud and millions of dollars, there are some smart people out there as well, and they're playing for keeps.

I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With

I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With that definition, you can't sue.

As I said, google it. If you don't find instances of succesful law suits in these situations, you're seeing different search results than I am!

So? They send a form letter back with "on XXX date Joe Schiester stated that you were in default." And done. That's it. You have no recourse after that with the credit report agency if they contact Joe and he says it's true. At best, you can have an explanation attached to that item, but you can't get it off through the agency if the bad data was put on by someone who continues to claim it's correct. Please correct me if I'm wrong, but that's my understanding. At that point, you can sue the person that put it on, but not the agency itself.

That's not true. If you send them proof that their source data is wrong, they HAVE to respond. Again, check out the Fair Credit Reporting Act.

Why wait, do it now. Go charge up a bunch of crap on a friend's credit card. Have him report it stolen a couple hours later. Sell the crap on ebay. If you aren't doing that now, then you are a liar when you say you'd game the system. And the implication that it can be gamed is irrelevant to the assertion it would stop the practice.

I'm a liar? Ok, you got me! Sheesh, I never understand how people can get so worked up in personal fashion on online conversations. People game the system right now, if you don't

Are you sure people can't sue? I had Cingular (Now AT&T Wireless) put a fraudulent entry on my credit report. They even sent me to collections on a $0.00 balance. I wrote both the collections agency and AT&T and told them they had 2 business weeks to correct my credit report and cease collections attempts or I was going to sue them both for libel. Sure enough, two weeks later everything had been cleaned up.

I'm certainly no expert but my guess is that's a record time for having a credit report fix

People can sue any time for any reason. I could sue you because you used my oxygen breathing. I'd lose, but I "can sue."

In your case, you'd have lost such a suit (or, at bet won with no award of damages). For one, "fraud" requires they gain something. It also requires purpose. Accidentally doing it isn't fraud. Doing something that doesn't cause harm isn't fraud. And to sue, you'd need to prove actual damages. What damage did you receive? Libel also requires that it be published. If no one else r

IMHO, Banks should use a dedicated, private network that does NOT have ANY endpoints connected to the public internet for just this reason.

Would there not be some point in transit between, say, a point-of-sale cardreader or an ATM, that could be similarly compromised? It wouldn't necessarily be easy, but where there's a will, there is a way. Even if every unit had it's own dedicated line from itself to the bank, those cables have to run somewhere, and you can't necessarily keep them under constant supervision. It might reduce the number of points of failure (as far as security mechanisms are concerned), but by no means would it eliminate the

I like the idea of a dedicated, private network. This is what a lot of companies used to have before they were called intranets.

Maybe expand on this some, have it be a B2B backbone (BIPRnet, similar to NIPRnet and SIPRnet) where unless authorization is prearranged beforehand for one business's machines to communicate with another's, the switching fabric wouldn't allow the connection? This could be done even at a port level, so B2B E-mail via an Exchange connector at a custom port would go through, but som

Police fucked up redacting a public record when they made it public. The Lifelock employee was made aware of the screw up via a web site which reported the fuck up (and NOT by Lifelock), otherwise, the employee would still be clueless as to why she was getting her identity anally raped hundreds of times a day, despite the (hopefully free) Lifelock "protection" she has signed up for. The Lifelock employee made her superiors aware of this, and probably asked what they could

Really nice straw man. The real story is that the police are releasing this data and that lifelock can't be expected to watch the entire internet 24/7 but they're catching blame from this anyway somehow.

Really nice straw man. The real story is that the police are releasing this data

No, they aren't. They released a properly redacted document, with all info that could be used by an identity thief properly covered up.

and that lifelock can't be expected to watch the entire internet 24/7

... and yet, they expect their customers to pay $10 / month for exactly this "service".

but they're catching blame from this anyway somehow.

... because they're selling snake oil, then are caught red-handed trying to censor the news, and finally spin their censorship as just protecting their employee's id data (which was never actually exposed in the police report).

Good analysis, except that police didn't even fuck up the redaction of the PDF document. Well, it's a plausible error to do, indeed lots of institutions, even 3 letter agencies should should have known better have goofed in such a way.

But in this case, police actually did just fine, by putting the rectangles right into the image, rather than adding them as an (easily removed) additional layer into the PDF.

So why is Livelock fighting this then, if it didn't actually expose the employees data?

You sir, are incorrect. The original PDF [wired.com] from the police department (which was copied by and is still being hosted on Wired.com's website with their follow-up article [wired.com]) has a layer of black 'redaction' blocks, but all the personal data is still there and can be cut-and-pasted.

The reporter sanitized the PDF for the cops by printing it, scanning it, and making another PDF (I would have just raster printed it direct to another PDF file), and replaced the original on the web site with the new one.

Putting these technical restrictions to regulation is a bad idea (though some limited minimum standards is probably good). I think you have to look at the difference between the credit card system and the bank account system. You'll probably find that there's more technical protection on your bank account access, but credit card fraud worries you less and causes you fewer problems. The reason for this is that the credit card fraud is pushed to the place which is able to verify the transaction and not just the account holder; the shop and the credit card system. The security is very dynamic. If you make a small transaction in a place near where you live, it will almost always go through. If you make a large transaction in Cambodia, soon after making one at home (unless, of course you are Cambodian, in which case the same argument applies, but in New York), the company will call you directly to your mobile phone and ask you to confirm the transaction.

The reason this works like this (which is expensive) and works so well is simple. You are allowed to reverse the transactions if they aren't yours. This pushes the liability to the bank. If the same applied to bank accounts, that you could just reverse any transaction and the bank had to prove you were liable for it, suddenly bank fraud would be massively reduced, disappear completely as a consumer problem and the criminals trying it would be pursued to the ends of the earth.

That's what we have in Finland at least. First you have to physically go to the bank to identify yourself and then you get a login/password and a physical list of key-value pairs for online banking. When you start to run out of said keys you go get another list from the bank or order one through mail. Then you change the list using a value from the previous list and input the number of the new key list.

In order to compromise in this system someone would have to have access both to my specific key list and m

Most of Europe has something like this, either a keyfob, or a TAN list.

However, it a rare sight for an American bank to offer much if anything more than username/password protection. You might find a bank that asks a question from your challenge/response list, or asks you to select the answer on a random list, where the text is a bitmap (to help foil malware that doesn't have an OCR engine.) Anything more than that, good luck.

What is ironic is that Blizzard offers a keyfob and/or an app for the iPhone and

What I have for my British Nationwide [nationwide.co.uk] account (a building society rather than a bank, but that's mainly semantics) is a small, calculator-lookalike card-reader that takes my ATM card and PIN and is used to sign any transactions or other significant operations involving money.

Say I want to transfer money to a non-Nationwide account, I have to:

Login by entering my customer number, passphrase and three randomly selected digits of a secret six-digit code,Set up the transfer, put my ATM card (with chip) into the

The real WTF is that if the account is opened fraudulently, the bank and credit agencies will spread nasty gossip (slander) about the actual person and try to collect the money from him. If (and only if) he challenges them on it, they will claim that the original fraudster committed a crime against him and that it is his problem. They will also claim that they are an innocent and uninvolved 3rd party to the crime.

Yup - I've been anonymous on the Internet, since, well, since it was Darpanet, or uucp, or whatever it was. Call me paranoid, but even way back in the day, I always wondered, "why would I want anyone to know X, about me?"

If you are writing me a check, I'll give you enough info so I can cash it, otherwise, meh. Even my cable bill has a misspelling in my name I have not corrected in 14 years.

I assumed it wasn't about protecting yourself but the ability to pay someone to do it and get paid by them if they don't. Paying someone to be responsible for you, with the expectation of getting reimbursed and then some if they don't. Liability.

Anyone who expects a service to 100% protect them from identity theft is an idiot.

Identity Theft does not exist. No one can steal an identity. At least not with today's technology. Some bank gets scammed by somebody. The bank then recovers its loss by defrauding one of their customers. The solution to this "problem" is obvious.

Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.

Sometimes they're not idiots. Some are just too trusting or are just plain unaware.

My company often receives mail orders containing personal checks. Every year we see several who continue to allow their SSN to be printed on the check, along with the name, address and phone number. These folks are seniors (+70) and don't understand that the SSN is the key to the castle.

In a few cases, I've sent a short letter explaining why they shouldn't do that, and a few have called and thanked me for the information. Oft

In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

so a service designed to protect your privacy is broken if it actively attempts to protect your privacy? I think this shows clearly that they got a proactive strategy to protect personal information.

just because the CEO is willing to stick his chin out doesn't mean i trust him to stick MY chin out.

You are absolutely correct! They are doing exactly as I would expect the service to do. She got her info on a police report. The police department gave a media outlet the report in such a way that her personal information was exposed. LifeLock called the media outlet and asked to remove her data. There is no way anybody could have prevented the info from getting there in the first place... except maybe not giving the police department your SSN when reporting a crime happening to someone else.

If I was a customer of theirs, and a police department did the same to me, then LifeLock is doing exactly as I would expect them to do, if they wanted to continue getting my monthly fee.

However, Tamika is one of their own, and the police report was published in an article about them. I don't think they would even notice if it had happened to a regular customer and/or if it had not been an article concerning LifeLock.

Not everyone reviews a credit report before issuing any type of credit.

ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.

Or the ID thief may employee social engineering and even defeat the 'fraud alert'

Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.

As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.

Minor cost well worth the publicity.

His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.

As for other employees of the company....
they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft.
They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.

Better than a fraud alert is the security freeze [experian.com]. They won't open a new account if they can't see your credit report. The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.

That's what my wife and I did to our credit after my identity was stolen. It was a slight hassle when I needed to buy a new car. I had to thaw our credit for a small time frame. Still, that slight hassle is nothing compared with the hassle of repairing a stolen identity. Of course, the credit agencies don't like security freezes. They make their money off of selling your data to other companies and they can't sell frozen accounts. They'd much rather you put a next-to-useless fraud alert on your accoun

Why it is that we allow them to think that they own that information is beyond me. The information belongs to the person to which it applies. I should have complete control over how it's used and who gets to see it. There certainly shouldn't be anybody looking at it without my requesting a product or service which requires a credit check. But I'm sure the ZOMG corporations being held accountable people will tell me that it's completely my fault if they lose my personal information like TD Ameritrade did. Be

The problem with doing a security freeze on your account is that many places will charge you a fee every time they have to un-freeze it to run your credit when you DO authorize it.

Like you say, it's probably fine if you have no intentions of applying for any credit or loans for quite a while. But it gets annoying when, say, a person decides to buy a new car and finds out they're hit with a $25 charge just so the dealership can verify they're a good credit risk.

Freezing often costs money. And each of those credit bureau charges separately. Could cost one upwards of $30 to place a freeze at all three.

The hassles of "freezing" along with the fees to do so, is another illustration of the financial system being crooked; not designed to protect people, but rather to make credit as easy to obtain as possible with little regard to security.

Protection from what? Banks that blame a 3rd party every time they get robbed? This is no different than if a robber walks into a bank with a deposit slip from your account, writes "give me $10,000" on it, and robs the bank at gun point. Then, when the bank notices that it has your name on the deposit slip, they take it out of your account without your knowledge or permission, even when they know for sure you weren't the robber.

Banks are stealing from their customers when they are robbed. When "identity theft" is treated as it really is, simple fraud, then the world will be a better place. If Congress had balls (and they don't have balls, just pockets with checks in them from the banks), they'd pass a law where every contact with a customer because of a fraudulent account opened by a 3rd party earned them a $100 fine to be paid to the customer, they'd figure out security pretty damn quick. Instead, it's cheaper to screw the lives of their customers (or often, even non customers) because they are too cheap and lazy to have actual security.

"Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.

$30 for life? Not exactly, because "until you lift the freeze" often involves a fee too (and possibly an additional fee to put the freeze back on), which too can be upwards of $10 for each credit bureau.

Still, even with the added "lift freeze" fees, for most people, you're right that it's cheaper to skip LifeLock and do-it-yourself.

Unless it is a mortgage, or another purchase in excess of $50000, the credit granter will typically only check with one bureau. Inquire about which bureau they are checking with, so you don't end up spending unnecessary money. It usually only takes 15 minutes to unfreeze a credit line, so place the call, and go have a cigarette. By the time that you come back in, it will be open, and they can run the credit score. After you are approved for the loan, place another call, and freeze your credit score agai

Sigh, I'm not sure where that rumor got started. They don't claim to be untouchable otherwise why would they be advertising an insurance policy included with service? They pay the first I think it's 2 million of fraudulent activities if they're unable to get it fixed so that you aren't charged for them. I doubt very much that they'd include that if they were really untouchable. Not saying that I trust them or use them, but we should at least be telling the truth about it.

No. At this point, potential has surpassed threshold and achieved REAL problem status.

Anyhoo, Lifelock is a scam. Plain and simple.They'll take your money right enough, but they really can't deliver on their promises to protect you and your information.They're like insurance salesmen. They're simply trying for quantity and trying to live on margins, hoping that they don't get hit big by some massive info theft that they can't cover up or make disappear.Once they get a breach of a truly significant portion of their customer's data, expect to see them fold up shop like all the old fly-by-night insurance salesmen in the Depression.

Police fucked up redacting a public record when they made it public. Lifelock moved to correct. If anything, this speaks well of lifelock, they did what they were supposed to. Nothing to see here, move along. Posted again.

They're like insurance salesmen. They're simply trying for quantity and trying to live on margins, hoping that they don't get hit big by some massive info theft that they can't cover up or make disappear.

Uhh yeah, insurance is all a big scam that only morons buy into. No insurance company has ever paid out a claim and all that paperwork is just lies. Fortunately here at Slashdot we are too smart to be tricked into buying insurance. House fires and auto accidents are more lies by the megacorps/policitians

I've noticed everyone says lifelock is a scam. Well they caught the fact that the information was exposed! It is a start. The question is will they catch anyone who tries to use the ssn and birth date and other information to steal her identity?

One thing people here should think about, is that the owner is ok with putting out his info, but maybe an employee does not want to always have to have that lingering thought of what if. I know I wouldn't if it were me.

You're an idiot, it has nothing to do with no-call lists or any such thing.

It puts a "fraud alert" on your accounts and renews it every 90 days or however long they last for. Something you can easily do yourself for free. Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

Not entirely true. It theoretically requires banks, lenders, etc do some work before opening a new account. In practice, they usually skip this step. Trust me, I know from experience. I opened a new bank account while I had a fraud alert on my files, yet I was never contacted to confirm that I indeed opened that account. When I pressed the credit reporting agencies on it, I was told that the fraud alert system is more of a "best practice" type of thing, and that companies were in no way obligated to actually follow the guidelines.

With fraud alerts, banks/lenders/etc are recommended to do some verification work, but they aren't *required* to do so. Some institutions might skip the verification and thus allow more ID theft to go on. Better to freeze your credit entirely. It costs some money to place, thaw and remove (how much depends on your state and whether or not you've been a victim of ID theft), but it is definitely worthwhile. As a bonus, since credit card companies can't see your credit information, they won't "pre-approve" you for credit cards and send those blank forms which then need to be shredded lest some ID thief steal them.

Of course, the credit agencies hate security freezes. They want you to place fraud alerts because they can still sell your credit information and you can still sign up for store credit cards on the fly. That's why their lobbyists will fight any bill that promises to make security freezes less expensive or easier to obtain.

Very good point, my sister had her identity stolen. She put a fraud alert on with the credit reporting agencies. She, also, regularly obtained her credit report. On one of her reports, she saw that a major Department store chain had requested her credit report. She contacted their credit processing headquarters for our region to tell them that she had not requested credt from them and told them not to issue her any. Several months later she got a bill for around $2,000. It turns out that the person who stol

Do I get mega-win for being the first commenter (as 'BootyFooz') in the original article [phoenixnewtimes.com] to point out the flawed PDF 'blackouts', revealing SSN, drivers license, and DOB info for both the CEO and the other Lifelock employee?!

The Lifelock thing is clearly a scam founded by a guy who was already lifetime-banned from the credit repair industry. The only thing they did was use robo-dialers to call one credit reporting agency to set fraud alerts on subscribers's credit reports, and when the credit reporting agen